5 Replies Latest reply: Oct 11, 2012 9:52 AM by KT RSS

    Custom role mapper example

    KT
      Hi All,
      We have a requirement where authentication is done against LDAP and the roles are defined in a database.
      I need to write a custom role mapper provider in WebLogic.
      Does anyone have a sample custom role mapper?
      Could you please provide any documentation or a link?

      Appreciate your help.
        • 1. Re: custom role mapper example
          Kalyan Pasupuleti-Oracle
          Hi,

          Here are some code samples.


          package model;

          import javax.ejb.Remote;

          /**
           * Remote business interface of the sample session bean.
           *
           * <p>The interface declares no security constraint of its own; in this sample
           * the role restriction is placed on the implementing bean's method.
           */
          @Remote
          public interface SessionEJB_WS {

              /**
               * Sample business operation.
               *
               * @param test caller-supplied string argument
               * @return a string produced by the implementation
               */
              String hello(String test);
          }



          package model;

          import java.security.Principal;
          import javax.annotation.Resource;
          import javax.annotation.security.RolesAllowed;
          import javax.ejb.SessionContext;
          import javax.ejb.Stateless;
          import javax.jws.WebMethod;
          import javax.jws.WebParam;
          import javax.jws.WebService;
          import javax.xml.ws.WebServiceContext;
          import weblogic.jws.Policy;

          /**
           * Stateless session bean that is also published as a JAX-WS web service.
           *
           * <p>Access to {@link #hello(String)} is declared with {@code @RolesAllowed}.
           * This class only names the permitted roles; it contains no role lookup or
           * role-mapping logic, so which callers hold "Admin" or "Manager" is decided
           * outside this code.
           */
          @Stateless(name = "SessionEJB_WS", mappedName = "Websphere-WebService-Policy-EJB_WS-SessionEJB_WS")
          @WebService(name = "SessionEJB_WS_BeanService", portName = "SessionEJB_WS_BeanServicePort")
          public class SessionEJB_WS_Bean implements SessionEJB_WS {

              // Injected resource; no method in this class reads it.
              @Resource
              SessionContext sessionContext;

              // Injected resource; hello() asks it for the caller's principal.
              @Resource
              private WebServiceContext wsContext;

              public SessionEJB_WS_Bean() {
              }

              /**
               * Reports which principal invoked the operation.
               *
               * @param test request argument; not used by this implementation
               * @return a fixed message followed by the principal's name, or by an empty
               *         string when the context returns no principal
               */
              @Override
              @WebMethod
              @RolesAllowed({"Admin", "Manager"})
              public String hello(@WebParam(name = "arg0") String test) {
                  final Principal caller = wsContext.getUserPrincipal();
                  String callerName = "";
                  if (caller != null) {
                      callerName = caller.getName();
                  }
                  return "SecuredHello method has been called by principal: " + callerName;
              }
          }


          package com.client;

          import java.security.cert.X509Certificate;

          import java.util.ArrayList;
          import java.util.List;
          import java.util.Map;

          import javax.annotation.Generated;

          import javax.xml.ws.BindingProvider;

          import weblogic.security.SSL.TrustManager;

          import weblogic.wsee.jaxws.JAXWSProperties;
          import weblogic.wsee.jaxws.sslclient.PersistentSSLInfo;
          import weblogic.wsee.jaxws.sslclient.SSLClientUtil;
          import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
          import weblogic.wsee.security.saml.SAMLTrustCredentialProvider;
          import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
          import weblogic.wsee.security.util.CertUtils;

          import weblogic.xml.crypto.wss.WSSecurityContext;
          import weblogic.xml.crypto.wss.provider.CredentialProvider;

          import com.clientTest.*;


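          /**
           * Command-line test client that calls the {@code hello} operation of the sample
           * web service over HTTPS on {@code localhost:7002}, using a client identity
           * keystore and a trust keystore.
           *
           * <p>The defaults are the demo keystores (DemoIdentity.jks / DemoTrust.jks) and
           * the passphrases from the original sample. They are compiled into the class and
           * are suitable for a local test domain only. Each value can be replaced through a
           * system property so that real keystores never have to be written into the source.
           */
          public class SessionEJB_WS_BeanServicePortClient {

              /**
               * Builds the SSL settings, points the generated port at the local HTTPS
               * endpoint and prints the service reply.
               *
               * <p>Recognised system properties (each falls back to the demo value):
               * {@code sample.client.keystore}, {@code sample.client.keystore.password},
               * {@code sample.client.key.alias}, {@code sample.client.key.password},
               * {@code sample.trust.keystore}, {@code sample.trust.keystore.password}.
               *
               * @param args not used
               */
              public static void main(String[] args) {

                  // Demo-only defaults. Supply real values from a protected source; a
                  // passphrase passed as a -D argument is visible in the process list.
                  String clientKeyStore = setting("sample.client.keystore",
                          "C:\\Oracle\\Middleware\\wls1035\\wlserver_10.3\\server\\lib\\DemoIdentity.jks");
                  String clientKeyStorePasswd = setting("sample.client.keystore.password",
                          "DemoIdentityKeyStorePassPhrase");
                  String clientKeyAlias = setting("sample.client.key.alias", "DemoIdentity");
                  String clientKeyPass = setting("sample.client.key.password", "DemoIdentityPassPhrase");
                  String trustKeystore = setting("sample.trust.keystore",
                          "C:\\Oracle\\Middleware\\wls1035\\wlserver_10.3\\server\\lib\\DemoTrust.jks");
                  String trustKeystorePasswd = setting("sample.trust.keystore.password",
                          "DemoTrustKeyStorePassPhrase");

                  PersistentSSLInfo sslInfo = new PersistentSSLInfo();
                  sslInfo.setKeystore(clientKeyStore);
                  sslInfo.setKeystorePassword(clientKeyStorePasswd);
                  sslInfo.setKeyAlias(clientKeyAlias);
                  sslInfo.setKeyPassword(clientKeyPass);
                  sslInfo.setTrustKeystore(trustKeystore);
                  sslInfo.setTrustKeystorePassword(trustKeystorePasswd);
                  sslInfo.setTrustKeystoreType("JKS");
                  sslInfo.setKeystoreType("JKS");

                  System.out.println("before service");
                  SessionEJBWSBeanService_Service sessionEJBWSBeanService_Service = new SessionEJBWSBeanService_Service();
                  System.out.println("after service");

                  SessionEJBWSBeanService sessionEJBWSBeanService = sessionEJBWSBeanService_Service.getSessionEJBWSBeanServicePort();

                  // Both settings are per-port: the socket factory carries the keystores
                  // configured above, and the endpoint is forced to the local HTTPS listener.
                  Map<String, Object> requestContext = ((BindingProvider) sessionEJBWSBeanService).getRequestContext();
                  requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, SSLClientUtil.getSSLSocketFactory(sslInfo));
                  requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://localhost:7002/SessionEJB_WS_Bean/SessionEJB_WS_BeanService");

                  try {
                      String s = sessionEJBWSBeanService.hello("");
                      System.out.println("user ::::::: " + s);
                  } catch (Exception ex) {
                      // Sample client: report the failure and let main() end normally.
                      ex.printStackTrace();
                  }
              }

              /**
               * Returns the system property {@code key}, or {@code fallback} when the
               * property is unset or empty.
               */
              private static String setting(String key, String fallback) {
                  String value = System.getProperty(key);
                  return (value == null || value.isEmpty()) ? fallback : value;
              }

              static {
                  // For localhost testing only. This replaces the JVM-wide default verifier
                  // of HttpsURLConnection, so it affects every such connection in the
                  // process, not just this client. It tolerates a certificate name mismatch
                  // only when the URL host is exactly "localhost"; remove it before pointing
                  // the client at any other host.
                  javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {

                      public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
                          // Constant-first comparison: a null hostname is rejected instead
                          // of raising a NullPointerException.
                          return "localhost".equals(hostname);
                      }
                  });
              }

          }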




          Instruction.
          =======


          open command prompt window and run <WL_HOME>\server\bin\setWLSEnv.cmd
          ant build-service
          When generating the web service, use the option below so that the descriptor files are generated.
          <jws file="model/SessionEJB_WS_Bean.java" type="JAXWS" explode="true" generateDescriptors="true"/>
          Once the descriptor files have been generated, add the content below to weblogic-webservices.xml.

          Add the following content to weblogic-webservices.xml after </service-endpoint-address>
          ==============================================================
          <login-config>
          <xp:auth-method xmlns:xp='http://java.sun.com/xml/ns/j2ee'>CLIENT-CERT</xp:auth-method>
          </login-config>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          ant deploy
          If you are deploying from the console, make sure you select the following option during deployment: "Custom Roles: Use roles that are defined in the Administration Console; use policies that are defined in the deployment descriptor." When deploying with ant, you need to specify securityModel="CustomRoles".
          ant generate_wsdl
          ant build-client
          cd src
          set CLASSPATH=%CLASSPATH%;..\output\EjbClient.jar;
          javac com\client\SessionEJB_WS_BeanServicePortClient.java (make sure EjbClient.jar, which is generated by clientgen, is on the classpath)
          copy wsdl and schema file from .\output\WSDL\model\SessionEJB_WS_Bean to .\src
          java com.client.InvokeclientSidePolicy



          Regards,
          Kal
          • 2. Re: custom role mapper example
            KT
            Thanks Kalyan,

            I started developing a custom role mapper provider from the documentation below:

            http://docs.oracle.com/cd/E13222_01/wls/docs92/dvspisec/rm.html#wp1137556

            but I see that your role mapper example is somewhat different.

            Can you please let me know whether you have developed a role mapper as documented in the above link?
            • 3. Re: custom role mapper example
              Kalyan Pasupuleti-Oracle
              Hi KT,

              I understand that you are following the document; that is the correct way.

              The sample code given above is also a similar piece.

              Still, you can try the given code once and check whether it works for you or not.

              Regards,
              Kal
              • 4. Re: custom role mapper example
                KT
                Thanks Kalyan,
                I will continue with your sample code.
                I will get back to you if I get stuck anywhere.

                thanks for the quick response :)


                Thanks,
                KT
                • 5. Re: custom role mapper example
                  KT
                  Hi Kalyan,
                  I just started with your sample code,
                  but I did not understand it.
                  What I am actually looking for is a way to get roles from a database.
                  In your code I don't see a database call or any code that populates roles.
                  Please guide me.

                  thanks
                  KT